Ref# ADV2025_241 | Date: Aug 5th 2025

---

Drupal has published a security advisory highlighting vulnerabilities in the following products on July 30th, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• Config Pages – versions prior to 2.18.0 

• GoogleTag Manager – versions prior to 1.10.0 

For more information on these updates, you can follow these URLs: 

• Config Pages – Moderately critical – Access bypass – SA-CONTRIB-2025-093 

• GoogleTag Manager – Moderately critical – Cross-site scripting – SA-CONTRIB-2025-094 

• Drupal Security Advisories 

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary. 

PDF Download: Drupal Security Advisory

References 

• Drupal Security Advisories. (July 30th, 2025). Retrieved from Drupal. https://www.drupal.org/security  

• Drupal Security Advisory. (July 30th, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av25-469